USER IDENTIFICATION AND 
AUTHENTICATION SYSTEM USING ULTRA 
LONG IDENTIFICATION KEYS AND ULTRA 
LARGE DATABASES OF IDENTIFICATION 
KEYS FOR SECURE REMOTE TERMINAL 
ACCESS TO A HOST COMPUTER 

BACKGROUND OF THE INVENTION 

Most security programs for personal computers and networks rely upon simple user passwords and they are therefore vulnerable. There are two common methods for acquiring unauthorized access to a host computer. In the first method, the intruder improperly obtains and illegally uses the user ID and password of a valid user. The second method is to steal a valid user session in progress by switching the connection of the user to the thief's terminal. Without a method to verify the identity of the user, there is little preventing an intruder from obtaining unauthorized access to the user's account through a purloined user ID and password.

This lack of security has been a shortcoming of various corporate and other networks including the Internet and is one factor that has limited commercial use of these networks.

One existing authentication system proposes to add a card reader to personal computers so that users can verify their identity with a user identification card, as shown in U.S. Pat. No. 4,438,824, issued on Mar. 27, 1984, to C. Mueller-Schloer for an invention entitled "Apparatus and Method for Cryptographic Identity Verification". However, few users will spend the time and money to install an expensive card-reader. Furthermore, user identification cards have very limited storage and usually store a short identification key. Therefore, the same short identification key is used during most if not all authentications.

U.S. Pat. No. 5,371,792, entitled CD-ROM DISK AND SECURITY CHECK METHOD FOR THE SAME issued on Dec. 6, 1994 to Toshinori Asai and Masaki Kawahori, relates to CD-ROMs for television game devices. The purpose of the security check is to prevent unlicensed CD-ROM disks from being played on a Sega game machine. The CD-ROM disk identifier disclosed in this patent is not unique to each individual CD-ROM disk, but instead merely indicates a kind of the CD-ROM disk. All CD-ROM disks of the same type have the same disk identifier. In the patent, two kinds of identifiers, "SEGADISKSYSTEM" and "SEGABOOTDISC" are described. The security code indicates that the CD-ROM disk is duly licensed and also contains a program which generates a message displayed on the user's monitor that the disk is licensed.

There have been numerous patents issued for integrated circuit cards and other computerized portable security devices. For example, Beitel et al., U.S. Pat. No. 4,430,728, employs a physical security key which is coupled into a connector provided for it at a remote terminal. The key has two access keys which are required to access the central computer. This invention, like the Mueller-Schloer '824 credit card device, requires special hardware to be added to computers and requires costly security keys. Locking the terminal does not prevent intruders from procuring unauthorized access on public networks, since the intruder can use another terminal elsewhere.

SUMMARY OF THE INVENTION 

The object of the present invention is to provide a practical and effective security system for secure remote terminal or terminal emulation or computer access to a host computer. This is accomplished by using ultra long passwords and/or ultra large databases of identification keys, i.e., by a CD-ROM disk or other portable large capacity storage medium containing a database of identification keys, long identification keys, or a combination thereof. The subsequent descriptions of the invention will be in terms of CD-ROM disks, although other portable storage media such as Zip disks, floppy disks, digital versatile disks (DVDs), and Bernoulli disks can be used as well. The authentication system further includes a remote terminal with a portable large capacity storage medium reader, and a communications device or system which connects the remote terminal to a host computer which has a large capacity storage medium.

In accordance with the invention, the new security system may utilize one or more CD-ROM disks, other portable storage media, other storage devices including redundant arrays of inexpensive disks and hard drives, or any hybrid thereof containing databases of the user identification keys.

The invention also contemplates encryption and other 
security methods for authenticating the identity of users. 

DESCRIPTION OF THE DRAWING 

FIG. 1 is a schematic diagram of an exemplary embodiment illustrating the various steps required to practice the security system of the present invention, as well as illustrating the components which comprise the required hardware and software of one CD-ROM-based implementation of the system itself.

DETAILED DESCRIPTION OF PREFERRED 
EMBODIMENTS OF THE INVENTION 

In general, the new and improved security system of the present invention provides individual users with what are characterized as "ultra long identification keys" which are embodied on a physical object such as a CD-ROM disk which is provided to the authorized individual user. By "ultra long" it is contemplated that the individual user code will comprise at least 25 characters or 25 bytes of information as a bare minimum (it being understood that the typical password employed for consumer credit cards and the like is 16 characters), although the use of a CD-ROM disk "key" enables passwords of hundreds of characters to be readily employed. The initial step in the new security method is to generate individual user access codes for each and every contemplated user who is to be granted authorized access to a network or a database or source or repository of information which is desired to be protected and which is stored in or in conjunction with a "home" server or base computer. The individual user access key codes are generated using algorithms which may be optionally provided with means to generate individual encryption keys as well, in accordance with well known methods and industry standards for generating encryption key codes. It is of course to be understood that in accordance with the principles of the present invention, the individual access key code is "ultra long" and is of a length that is otherwise too long and too cumbersome to be conveniently typed into a system by an individual and/or is too long to be included on a small credit card type of device, or the database of keys is too large to be included on a small card type of device.

A central registry or other compilation of all of the individualized user access codes is established and is optionally encrypted for loading on the home or main computer terminal or server on which the secured database is to be located or in association with which the server is to function as a security mechanism. As a parallel to this step of the development of the security system, each of the individualized user access key codes is separately recorded, for example by ganged optical recording machines of the type known to the art for recording information onto CD-ROM disks. Each disk is in the form of an actual physical "CD-ROM key" which is individualized for a particular end user (for example, a customer of a catalog sales organization, a user of a secure database, a customer of a financial institution, etc.).

At this stage of the establishment of the system there is a complete registry of "ultra long" identification key codes stored in a server and there is a distribution of the actual physical CD-ROM disk keys to authorized individual users who are to be provided access to a database.

In order to provide authorized access to an authorized user of the database or "transaction program", the user at his remote personal computer terminal which will be, of course, equipped with a CD-ROM reader, will load the CD-ROM disk into his computer and log onto an access program or [illegible] optionally be recorded on the CD-ROM disk as well). The user program then transmits the user's individual access key code (which optionally may be encrypted) over a communication network or over a telephone network to the host computer or server, which will be appropriately programmed to check the user's access key code against the registry of stored authorized individual user access key codes. The server program will further include the requisite steps to interdict and end any attempt to gain access to the server or transaction program through a transmitted access code which is not stored in the database of authorized individual user access key codes. The server program will disconnect and may optionally inform the user that an unauthorized key access code has been transmitted.

Alternatively, and assuming the CD-ROM disk was proper and contained an authorized access key code, the communication between the user's remote computer and the host server will continue with the host computer's program including steps to grant access to the user's program and begin the session. As will be explained hereinafter, the host computer program or server program and the user program may optionally encrypt the session using the user's encryption key or keys, which are also stored in the server's database and on the individual user's CD-ROM disk. The optional encryption might also include encryption keys which are stored on the user's CD-ROM disk key.

At this stage, access to the secured database or "secured server transaction program" can proceed with the authorized user communicating through his own personal computer with the host server to conduct whatever "transaction" he may wish to effect, ranging from the simple ordering of merchandise, to the conduct of financial transactions, to conduct of research into a secured database, or any other type of two-way communication which is capable of being conducted between a remote computer terminal and a host terminal over a communication network or a telephone network. It is to be understood that a level of security heretofore unavailable to remote consumers communicating with a host computer is provided by the new system which utilizes ultra long identification key codes typically impressed upon or otherwise recorded upon "large keys" in the form of a CD-ROM disk or the like. The ultra long identification keys are checked and approved through databases of such identification keys which are stored in a remote host computer or server.

Note that in some applications, the key generation algorithm might run on the server itself or even on the users' computers; in the latter case, means to avoid generating duplicate keys would be required (e.g. by a randomization function in the key generation algorithm, plus a check for duplicate keys whenever a new key is added to the database). The block diagram of FIG. 1 would then be modified accordingly.

Numerous other variants will also readily be apparent to those skilled in the art.

In a preferred embodiment, each user is issued a unique CD-ROM disk containing one or more unique identification keys. An individual user inserts his CD-ROM disk "key" into a computer connected via a network or other communications device to a host computer; also referred to herein as a server. An access program on the CD-ROM "key" connects to and forwards the unique identification key from the CD-ROM disk key to the host computer in encrypted form. A security authentication program stored on the server then decrypts the identification key, compares the identification key with an identification key from the database of user identification keys located on a large capacity storage [illegible] connected to the host computer, and verifies the [illegible] password. If the identification key matches the identification key in the host computer's database of user identification keys and if [illegible] enters the correct password, the host computer, through its programming, will grant access to the user.

The host computer (server) will be further programmed to require the remotely accessed terminal program to re-authenticate itself at regular intervals. This helps defend against thieves who capture an identification key en route to the host computer or who misappropriate or steal a user's connection. Unless a thief has the unique CD-ROM "key", he would be unable to use his unauthorized access for longer than the time between requested re-authentications.

Although individual identification keys are contemplated, in some applications, some or all of these identification keys may be shared among a class or subclass of users.

In another embodiment, the host computer is programmed to send an encryption key to the remote terminal. The terminal program executing on the remote terminal uses the encryption key to encrypt the unique identification key on the CD-ROM disk. Then the encrypted identification key is sent to the host computer for verification. If the encryption means is a public key encryption algorithm with a sufficiently long key, a third party would have great difficulty extracting the unencrypted identification. A variation to this method is to have part of the encryption key contained on the user's CD-ROM "key" with the other part sent from the host computer. The host computer always has access to a complete database of all the encryption keys and identification keys. Without the portion of the encryption key from the CD-ROM or host computer, the remote terminal program is unable to decrypt messages. If the encryption key from the host computer is varied with time, selected randomly, or unique to each user session, the user's computer will essentially never transmit the same encrypted identification key twice.

The remote terminal program can pad the identification key with random, null, or nonsense prefixes or suffixes or interpolated characters. To insure that the same identification message is not sent twice, the encryption algorithm is provided with good diffusion (wherein a change in any character in the plain text changes many or all of the characters in the encrypted text). The pad will preferably be specified by the host computer so that previously used encrypted identification keys do not repeat.

The pad can vary in a pre-determined manner with time. For example, the pad could be the day, hour, and minute clock. The host computer can then be programmed to check that the pad is correct based upon the day, hour, and minute. The pad can also vary with each logon.

Additionally, the user ID or user number may be padded 
as discussed above. 

In another embodiment, the encryption key is included on the user's CD-ROM key disk and is never transmitted. The remote terminal program may pad the identification key as previously discussed. The host computer will be programmed to look up the encryption key for the user's claimed identity in a stored database of encryption and identification keys. Then the host computer will decrypt the unique identification key, remove the padding, and compare the decrypted key with the key retrieved from the host computer database, thereby verifying the user's identity. Again, when the encryption algorithm has good diffusion, the added characters will insure that the user's computer will essentially never transmit the same identification key twice.

In another embodiment, the central server selects the encryption key of the moment from a table on the user's CD-ROM; a copy of said table being in the central server. This avoids transmitting the encryption key over the connection; all that is transmitted is which entry in the key table is to be used, not the encryption key itself.
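
The key-table embodiment combined with a host-specified pad, as an added Python sketch that is not part of the patent text. Assumptions: HMAC-SHA256 stands in for the reversible encryption the text describes (the host recomputes the value instead of decrypting and stripping the pad), and all names, sizes and the user ID are hypothetical.

```python
import hashlib
import hmac
import secrets

TABLE_SIZE = 8      # constructed: entries in each user's encryption-key table
ID_KEY_BYTES = 256  # constructed: an "ultra long" identification key


def make_disk(user_id):
    """Generate the secrets recorded on a user's disk and mirrored on the host."""
    return {
        "user_id": user_id,
        "id_key": secrets.token_bytes(ID_KEY_BYTES),
        "key_table": [secrets.token_bytes(32) for _ in range(TABLE_SIZE)],
    }


def terminal_response(disk, index, pad):
    """Remote terminal side: answer a host challenge of (table index, pad).

    Assumption: HMAC-SHA256 replaces the reversible encryption in the text.
    Any change to the pad changes the whole output (good diffusion).
    """
    table_key = disk["key_table"][index]
    return hmac.new(table_key, pad + disk["id_key"], hashlib.sha256).digest()


class Host:
    def __init__(self):
        self.registry = {}  # user_id -> host copy of that user's disk secrets
        self.pending = {}   # user_id -> (index, pad) of the open challenge

    def enroll(self, disk):
        self.registry[disk["user_id"]] = disk

    def challenge(self, user_id):
        """Pick the key-table entry and pad for this logon; only these are sent."""
        issued = (secrets.randbelow(TABLE_SIZE), secrets.token_bytes(16))
        self.pending[user_id] = issued
        return issued

    def verify(self, user_id, response):
        """Check one response. The challenge is consumed whether or not it passes."""
        issued = self.pending.pop(user_id, None)
        record = self.registry.get(user_id)
        if issued is None or record is None:
            return False
        expected = terminal_response(record, *issued)
        return hmac.compare_digest(expected, response)


def demo():
    host = Host()
    disk = make_disk("user-0001")  # constructed user ID
    host.enroll(disk)

    index, pad = host.challenge("user-0001")
    first = terminal_response(disk, index, pad)
    results = {"genuine": host.verify("user-0001", first)}

    # A captured response is useless: the next logon gets a fresh pad.
    host.challenge("user-0001")
    results["replay"] = host.verify("user-0001", first)

    # A disk with the right user ID but different secrets fails.
    forged = make_disk("user-0001")
    index, pad = host.challenge("user-0001")
    results["forged"] = host.verify("user-0001", terminal_response(forged, index, pad))
    return results


if __name__ == "__main__":
    print(demo())
```

Because each challenge is popped on its first use, a failed response cannot be retried against the same pad, which matches the single-attempt policy the text prefers.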

In another embodiment, the remote terminal transmits a plain text or encrypted user ID or identification key from the user's CD-ROM key identification key database to the host computer. A second encrypted identification key is sent from the remote terminal to the host computer. The first identification key is used by the host computer to look up a unique encryption key for that user. The second identification key is then decrypted using the unique encryption key and the user's claimed identity. If the decrypted identification key is correct, the user's claimed identity is then verified. The encryption key is never transmitted since both the remote terminal and the host computer have the encryption key stored locally.

In addition, other parts of the transmission, or the entire transmission or session may be encrypted using a unique user-specific encryption key on the user's CD-ROM disk. When the server is aware of the user's identity, it will look up said key in its own table; hence said key need never be transmitted between user and server or vice versa. Again, techniques such as padding would typically be used. This embodiment not only provides additional security, it also securely authenticates the host computer to the remote terminal program. An "imposter" server would lack the database of user encryption keys and would be unable to decrypt the remote terminal's messages and accordingly would be unable to respond plausibly to the remote terminal.

Alternatively, a one-time pad stored on both the user's CD-ROM disk key and the host computer can be used as the encryption means or key to encrypt the user's identification key to provide additional security. After receiving the encrypted identification key, the host computer is programmed to look up the one-time pad under the user's claimed identity in a database of one-time pads. After decrypting the identification key, the host computer can authenticate the user's identity. Alternatively, a one-time pad of unique identification keys can be stored on each user's CD-ROM key disk. The central server would then demand a new key every time, and verify said new key against its own copy of that user's one-time pad of ID keys.

Both one-time pad arrangements also avoid transmitting 
the same user authentication key twice. 



Furthermore, the one-time pad can be used to encrypt 
other important information communicated. For example, 
with use of a 250 kilobyte user-specific one-time pad (e.g. in 
conjunction with a consumer catalog) to encrypt the user's 
credit card number, assuming that one byte is used to encrypt 
each digit, then a sixteen digit credit card number would use 
16 bytes of the 250 kilobyte one-time pad. Assuming the 
user performed ten transactions a day, the 250 kilobyte 
one-time pad would last more than four years. 
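
The pad-consumption arithmetic above and the rule that pad bytes are never used twice, as an added Python example that is not part of the patent text. Assumptions: the offset-tracking scheme, the class and function names, the reading of 250 kilobytes as 250,000 bytes, and the constructed test card number.

```python
import secrets

PAD_BYTES = 250_000  # the text's 250 kilobyte pad, taken here as 250,000 bytes
CARD_DIGITS = 16     # one pad byte per digit, as the text assumes


class PadExhausted(Exception):
    """No unused pad bytes remain; a new disk must be issued."""


class PadReuse(Exception):
    """A message asked for pad bytes that were already consumed."""


class PadCursor:
    """One party's copy of the shared pad plus the offset of the next unused byte."""

    def __init__(self, pad):
        self.pad = pad
        self.offset = 0

    def take(self, n, at=None):
        """Return n pad bytes starting at `at` (default: next unused) and burn them."""
        start = self.offset if at is None else at
        if start < self.offset:
            raise PadReuse(f"offset {start} already used (next is {self.offset})")
        if start + n > len(self.pad):
            raise PadExhausted(f"need {n} bytes at {start}, pad has {len(self.pad)}")
        self.offset = start + n
        return self.pad[start:start + n]


def encrypt_card(cursor, card_number):
    """User side: XOR each digit with a fresh pad byte; return (offset, ciphertext)."""
    digits = card_number.encode("ascii")
    start = cursor.offset
    key = cursor.take(len(digits))
    return start, bytes(d ^ k for d, k in zip(digits, key))


def decrypt_card(cursor, start, ciphertext):
    """Host side: refuse any offset that points into bytes already consumed."""
    key = cursor.take(len(ciphertext), at=start)
    return bytes(c ^ k for c, k in zip(ciphertext, key)).decode("ascii")


def pad_lifetime_days(pad_bytes=PAD_BYTES, bytes_per_tx=CARD_DIGITS, tx_per_day=10):
    """Whole days of use before the pad runs out."""
    return pad_bytes // (bytes_per_tx * tx_per_day)


def demo():
    pad = secrets.token_bytes(PAD_BYTES)  # constructed pad, same bytes on both sides
    user, host = PadCursor(pad), PadCursor(pad)
    card = "4111111111111111"             # constructed test number
    s1, c1 = encrypt_card(user, card)
    s2, c2 = encrypt_card(user, card)
    first = decrypt_card(host, s1, c1)
    second = decrypt_card(host, s2, c2)
    try:
        decrypt_card(host, s1, c1)        # replayed message
        replay = "accepted"
    except PadReuse:
        replay = "rejected"
    return first, second, c1 != c2, replay, pad_lifetime_days()


if __name__ == "__main__":
    print(demo())
```

With the defaults, `pad_lifetime_days()` gives 1562 days, about 4.3 years, consistent with the "more than four years" figure.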

For any of the aforementioned identification techniques, 
the terminal program and the host computer also may be 
programmed to demand that the user enter (e.g. by typing 
through a keyboard) a password previously specified. The 
password will be compared with the passwords stored on the 
CD-ROM or host computer corresponding to the user ID. 

All of the above-described encryption methods can also 
be used to encrypt important information transmitted. 

All of the above-described authentication methods can also be used in reverse to authenticate the host computer to the remote terminal program, as will be understood.

The most secure encryption techniques, such as public key encryption, can take up to 1000 times longer to process than more routine encryption methods, unless a special-purpose processor for the particular algorithm is added to the user's computer. One method to increase speed is to use the most secure means to encrypt only the most sensitive portions of the transmission and use faster encryption methods for less critical portions of the transmission. Because of the large capacity and speed of a CD-ROM, databases of encryption keys for each encryption method and host computer can be easily stored and accessed. Portions of the transmission that are common and do not need to be protected can be transmitted as plain text. Repeated text or graphics which all users will view can optionally be stored on the CD-ROM to decrease the amount of information transmitted from the host computer to the remote terminal.

A special encryption device may be attached to the host 
computer in order to expedite encryption and decryption of 
transmitted data. Since the host computer will most likely 
service many users, the encryption device should prove very 
economical. 

The cost of having extremely large keys and databases of keys is the cost of the space on a CD-ROM which is not available for other information and the space needed to store these keys on the computer host. Since the cost of producing CD-ROM disks has dramatically decreased in the last few years, the use of CD-ROM disks has become quite economical. Thus the new authentication system of the invention is more economical and more effective than the prior art systems.

Additionally, each CD-ROM key of the invention may contain different identification keys or tables or databases of identification keys for use with different servers. For example, in an application wherein several catalogs of different vendors are contained on one CD-ROM key, different databases of identification keys and encryption keys would be allocated for use with each vendor's host computer.

To allow existing CD-ROM keys to be used to access new 
servers, each CD-ROM disk could include identification 
keys or tables or databases of identification keys that are 
initially not assigned to any server. These can then be 
assigned later to access new servers, computers, programs, 
databases or information functions. This arrangement averts 
the need for distributing new CD-ROM disks whenever a 
new server is added. 



03/31/2004, EAST Version: 1.4.1 



5,771,291 


Information about the new server such as its name, network address, and telephone number, along with which database of keys on the CD-ROM disk is assigned to the new server needs to be given to the user's access program. For example, if 200 keys are already assigned to existing servers, the 201st key might be assigned to a new server. This information could be included in either encrypted or unencrypted form on an update floppy disk or other portable medium, posted on a bulletin board or server, including on any or all of the existing servers, or updated automatically by the remote terminal access program during a subsequent communication session. Such information may not be particularly private, as it is typically the same for all users being granted access to the new server.

The user's access program would typically store the update information for the new servers in a small file on the user's hard-drives. If the users have a writable CD-ROM drive, the information could be added to the CD-ROM disk key. If the information about each server comprise no more than 50 characters, a 10 kilobyte disk file could contain information on at least 100 new servers. A file a few megabytes in size would allow a short description of each [illegible]

Eventually, the new servers would be included on updated CD-ROM disk keys distributed to all users.

Informational, transactional, and promotional databases are all of commercial interest. Access can be controlled, verified, or tabulated by the CD-ROM key. In addition, the individual CD-ROM disks may contain all or portions of these databases. The portions of the databases that change infrequently might be encoded on the users' CD-ROM disks and updated when new disks are produced, whereas variable portions might typically be stored on the server.

The host computer can be programmed to grant different access privileges to different users. For example, in a corporate network, the C.E.O.'s CD-ROM key would grant him access to all information on the host computer, while a clerk's disk might only grant access to a data entry program. Similarly, in a consumer application, different consumers might have different credit limits. The requisite privilege or privilege level might either be encoded on the CD-ROM or, preferably, would be included in a database on the host computer.

The CD-ROM key of the invention may contain both unencrypted and encrypted versions of one or more identification keys. The encryption is done before or as the disk is imprinted using a key and encryption method unknown to the user and using encryption means that are ideally unknown to the user. For user authentication purposes, the host computer, which has the key, would be programmed to demand both the unencrypted version of the identification key and the encrypted version of the key. The host computer then would be programmed to decrypt the encrypted version of the key and compare it with the unencrypted version. If the two keys are the same, then the user identification key is almost certainly a valid key. For example, if the encryption were the inverse of a long-key public-key encryption, the public key would be held by the host computer only (and the inverse or private key would be held by the disk maker only). An intruder would have to generate a counterfeit identification with the corresponding encrypted version, which would require the inverse or private key. Obtaining the key would be virtually impossible, even if the would-be counterfeiter obtained huge numbers of different user disks. And since even the server does not have the private key, cracking the server would not allow a counterfeiter to make new counterfeit user identification keys. Accordingly, the counterfeiting of valid user ID numbers can be eliminated.

A further security measure would be to append the encrypted version of the identification key to the unencrypted version to form a single longer key. Alternatively, the final key might comprise two different encrypted versions of the unencrypted key. Alternatively, the final key might be a function of both the unencrypted version and of a parity, hash, encryption function, or other function of the unencrypted version.

[illegible] applications, provisional initiation [illegible] transaction upon receipt of a valid ID by the host computer might be permitted, but the transaction is completed only [illegible] database. This arrangement improves response time for the user and reduces the speed requirements on the storage means. For example, a credit card transaction could be started upon receipt of a valid ID but not completed until after the ID has been checked with the database and approved.

[illegible] computer does not make mistakes [illegible] identification key. Accordingly, unless disruption is indicated, the preferred software implementation will disconnect the user after only one attempt using any invalid CD-ROM identification key. This allows speedy rejection of attempts by hackers or other transgressors and avoids tying up the system with their illicit attempts. By disconnecting after one attempt, hackers cannot rapidly try multiple identification keys.

If this option is implemented, it is also preferable to not allow log-on if line disruption is indicated; else a hacker could counterfeit a parity failure or the like to allow multiple access key attempts. It may also be preferable to disconnect the user if more than, for example, three line disruptions are indicated during attempts to log-on.

The host computer's database of user identification keys is well protected against attempts to steal or copy it. Nevertheless, it is advantageous to protect against attempts to steal or copy the server's database of user identification keys or user access keys and thereby counterfeit the users' unique CD-ROMs. Accordingly, the server database of a preferred implementation of the invention contains an encrypted or otherwise altered version of the user identification keys. The server of the invention employs a trap-door authentication algorithm to compare the user ID or access [illegible] recovered from the incoming data stream with the altered version in the server's own database for that user's claimed identity. The trap-door authentication algorithm authenticates the user if and only if the encrypted identification key in the server's database represents the same identification key as the one embedded or encrypted in the incoming data stream. The trap-door authentication algorithm is impractical to be used to recover the actual identification key from the encrypted key in the host computer's database. Since the server database does not contain the actual identification keys, and the trap-door authentication function is of no help in recovering them, mere possession of the host computer's database is not sufficient to recover the identification keys. Thus, stealing or copying the host computer's database of identification keys will not allow a thief to counterfeit the users' unique CD-ROM key access disks and thus will not allow the thief to access the system as a legitimate user.

One such trapdoor authentication algorithm is implemented as follows. When preparing the users' CD-ROMs and the database for the host computer, the users' unique identification keys are encrypted with a difficult-to-decrypt
long-key code. The encrypted key is copied into the host computer's database and the unencrypted identification key is written onto the user's CD-ROM key. In use, the host computer takes the identification key recovered from the incoming data stream from the user, encrypts it with the same means used to encrypt the database and compares the encrypted key with the database entry for that user. If the keys are identical, the user is authenticated and access is granted.

Another class of trapdoor authentication algorithms go directly from the encrypted version of the password embedded in the data stream from the user to the other encrypted version in the server's database. Accordingly, the unencrypted version of the password never exists on the server and cannot be tapped or recorded by any illicit program or virus on the server.

In a yet further embodiment, each CD-ROM key is provided with multiple databases of identification and encryption keys. The server or host computer is programmed to use or have access only to one database. The copies of the other databases on the user's CD-ROM are stored in a vault. If the host computer's identification keys were ever stolen, the host computer can simply be loaded with one of the user databases from the vault and use the new identification keys. Since the user already has the new database of his new keys on his CD-ROM, there is no need to provide a new CD-ROM to all the users, and the thief remains locked out of the host computer. In addition, if only part of the server's database is copied or stolen, then only a portion of the database need be changed and only the corresponding users' CD-ROM disks need use an alternative identification database.

Preferably, a secure means to direct the users' computers to use a different database of identification keys on the CD-ROM is used. Any of the previously described authentication algorithms can be used for this purpose. One technique is for the server to encrypt by private key the message

As an occasional delay in a transaction is tolerable, magnetic tape can optionally be used as a back-up means or as a redundant storage means for use in regenerating data.

[illegible] CD-ROM disks may also contain a network access program, encryption routines, and other data and [illegible] portable large storage media can contain a read-only portion and a read-write portion, typically a write-once read-many portion. (See for example the disks illustrated [illegible] described in U.S. Pat. Nos. 5,287,335 and 5,206,063, the substance of which patents is incorporated by reference herein.) The read-only portion would typically contain programs or information common to many users, e.g. network access programs and/or encryption routines and/or other data or programs of utility to many users. For example, in consumer applications, the read-only portion might include catalogs, advertising, or other commercial information. The read-write portion or write-once read-many portion would typically contain the unique user access key codes and [illegible] user encryption keys (if used) and any other information unique to the particular user.

In a CD-ROM implementation, the read-only portion of the users' disks could be imprinted quickly and economically by pressing. The individualized portion, typically a write-once, read-many portion, would then be quickly recorded on an appropriate recording CD-ROM drive. This approach may prove advantageous in a variety of high-volume applications.

The means discussed herein for securing and controlling access to a host computer or server can also be implemented on an auxiliary or dedicated processor or computer such as a "firewall processor", or on a network processor, router, or switching system, instead of the host computer or server. An auxiliary or dedicated processor or computer eliminates the need for the host computer to perform the authentication, decreasing the processing load of the host computer,

with a time-dependent pad. The user program on the The CD-ROM or the other portable storage medium can 

CD-ROM then uses the public key, which is also stored on be used to control access to, through, or under the control of, 

the CD-ROM, to decrypt the message, then checks that the any stored-program processor capable of direcdy or indi- 

time-dependent pad is correct and switches to an alternate rectly accessing storage capacity sufficient to hold the req- 

user ID or identification key database. The private key and uisite database of user key codes. Indirect access may 

the replacement database are given to the host computer at comprise remote access via a network or may comprise 

the same time. access from another processor or memory system. 

The host computer may be provided with multiple data- 45 It will also readily be apparent to those skilled in the art 
bases wherein a specific combination is required to access that the means described herein for providing secure access 
any identification keys. For example, in one embodiment, to a host computer or server or to databases or transaction 
one database contains a one-time pad and the other contains processing systems implemented on same can also be used 
the database of identification keys encrypted using the to control access to other computers, or to networks, or to 
one-time pad. A thief who stole or copied only the database 50 databases or transaction processing systems or other pro- 
would be unable to recover any keys. grams or information functions implemented on or accessed 

In corporate applications, where the user CD-ROM keys through same, 

will be used only or primarily on the company's own We claim: 

computers, the change to another user ID can be made 1. A method of providing user identification and authen- 
permanent by recording a word in a small file on the hard 55 tication using ultra long identification key codes and/or ultra 

drive. Once the file is altered on all of the company's large databases of identification key codes in a manner 

computers, the change is complete. This could be done at the providing secure access from a remote computer terminal to 

next log-on for each user, a database or server transaction program stored on a host 

In yet a further implementation, the host computer can use computer, comprising the steps of: 
an array of inexpensive CD-ROM drives to store the data- 60 (a) utilizing key generation algorithms to generate 

base of identification keys. Advantages of this novel individual, class specific, or both user key codes which 

CD-ROM array approach include that the cost per megabyte may optionally contain individual encryption keys; 

is comparable to or less than that of magnetic disk drives, (b) creating a database or otherwise updating an existing 

and that a drive failure almost always leaves the recorded database comprising a compilation of each of the 

data intact. The CD-ROM disk can simply be changed to 65 access key codes which have been generated for pre- 

another drive. In addition, there is the security advantage determined authorized users of the server transaction 

that the written data is in permanent form. program; 






(c) recording, on separate individual portable storage media directly compatible with and readily insertable and removable from said remote computer terminal, each of said individualized and class specified user access key codes along with the optional individual encryption keys;

(d) loading or providing the server serving as the host computer with a complete registry or compilation of each individualized and class specified access key code and any optional individual encryption keys which have been generated by the key generation algorithms;

(e) providing each authorized user with said portable storage medium containing the authorized user's individual or class specified access key code;

(f) providing the server with computer programming including steps for comparing individual and class specified access key codes transmitted over telephone networks or communication networks from a user's remote computer terminal against the stored compilation of authorized access key codes and permitting correct matches to have access to said server transaction program while denying access to unauthorized access key codes;

(g) providing users' remote computer terminals with programming to permit connection to said server through a communication network or telephone network and to transmit individual and class specific access key codes through said remote computer terminal utilizing readers for the portable storage medium to said server for the purposes of gaining access to said server transaction database; and

(h) conducting a communications session between the user's remote computer terminal and said server transaction program through said telephone or communication network.



2. A user identification authentication system using ultra long identification keys and/or ultra large databases of identification keys for secure remote computer terminal access to a host computer comprising:

(a) a host computer having a compiled database of preauthorized user access key codes of ultra long length;

(b) a series of individual portable storage media directly compatible with and readily insertable and removable from said remote computer terminal, each containing a unique or class unique access key code distributed among authorized users of a server transaction program;

(c) a server with programming to compare received access key codes with stored authorized access key codes and to deny access to the server transaction program to any user transmitting an unauthorized key code but to permit access to any user transmitting an authorized access key code;

(d) each of said access key codes being ultra long and comprising at least 25 characters or 25 bytes.

3. A method of providing user identification and authentication as described in claim 1, further comprising:

(a) an algorithm which generates one time pads;

(b) said one time pads are stored on a CD-ROM which is said portable storage medium and said pads are loaded or provided to the server; and

(c) the one time pads are used to encrypt the user access key codes by the remote computer terminal access program before being transmitted to the host computer.

4. The method of claim 3, further including the step of:

(a) providing additional programming on said CD-ROM.
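
Two mechanisms from the description, shown together as an added example that is not part of the patent text: the host keeps only a one-way form of each long key and compares after re-encrypting what the user presents, and it switches to an alternate database from the vault once the active one is considered stolen. SHA-256 as the one-way function, the 4096-byte key size, the count of three databases and all class and function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

MIN_KEY_BYTES = 25   # claim 2(d): at least 25 bytes
KEY_BYTES = 4096     # constructed key size for this sketch
N_DATABASES = 3      # one active database plus two vault copies (assumed)


def issue_disc(n_databases=N_DATABASES, key_bytes=KEY_BYTES):
    """One user's disc: an independent random long key per database."""
    if key_bytes < MIN_KEY_BYTES:
        raise ValueError("identification key too short")
    return [secrets.token_bytes(key_bytes) for _ in range(n_databases)]


def one_way(key):
    """Stand-in for the one-way encryption of a key (SHA-256, assumed)."""
    return hashlib.sha256(key).digest()


class Host:
    """Serves from one database; the alternates stay in the vault."""

    def __init__(self):
        self.active_index = 0
        self.active = {}   # user -> one-way form of the active key
        self.vault = {}    # database index -> {user: one-way form}

    def enroll(self, user, disc):
        for i, key in enumerate(disc):
            if i == self.active_index:
                self.active[user] = one_way(key)
            elif i > self.active_index:
                self.vault.setdefault(i, {})[user] = one_way(key)

    def authenticate(self, user, presented_key):
        stored = self.active.get(user)
        if stored is None or len(presented_key) < MIN_KEY_BYTES:
            return False
        # Re-encrypt the presented key, then compare in constant time.
        return hmac.compare_digest(one_way(presented_key), stored)

    def rotate(self):
        """Active keys stolen: load the next vault database, retire the old."""
        nxt = self.active_index + 1
        if nxt not in self.vault:
            raise RuntimeError("no alternate database left in the vault")
        self.active_index, self.active = nxt, self.vault.pop(nxt)
        return nxt
```

After `rotate()`, a key copied from the retired database no longer authenticates, while the user's existing disc already holds the key for the new one.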